1. There is no such thing as a "pending" ban or Steam admin. Anyone threatening your account is a scammer trying to scare you. Read more.

How to avoid Phishing and other Hacks/Scams

Discussion in 'SteamRep Guides' started by Nathan Cash, May 4, 2013.

  1. Nathan Cash

    Nathan Cash New User

    Messages:
    109
    Steam:
    STEAM_0:1:45077164
    Hello! I know several people who have either had their accounts phished or have gotten scammed out of their unusual hats. This is a simple guide on how to avoid a similar fate. Unfortunately, most people are not aware of what Phishing is or how it works. This guide touches on many forms of scams besides just phishing. If this is the wrong place for something like this I would appreciate it if an admin would move it. Since most scams originate from some sort of link, I am going to post the guide on this thread. If you see someone you think is not aware of the various forms of scamming/hacking please refer them to this thread!


    Section 1: Phishing
    This is the easiest, and thus most popular way to hijack a steam account. It is very easy to detect if you know what to look for. Phishing is a form of social engineering that tricks you into giving away your login information. The first thing a phisher will do is contact you saying something along the lines of "This is Valve. There has been an attempt to hijack your account and thus we need to to verify your information" or "Hey I saw you had something for sale, ill be happy to buy, here is what I can offer" In both cases they will provide a link. The link will lead you to a fake steam login page. When you login they will be sent the information and you will be redirected to the real steam login page. It is very easy to avoid getting Phished. All you have to do is not login steam from a link you are given by someone else. If you make sure to only log in steam from official websites such as outpost or Steamrep your account can not be taken through this method.

    Section 2: Scripts
    While this method of stealing your account is not very popular as it is very hard to do, it is perhaps the most dangerous. Just like phishing, you will be given a link the hacker hopes you will click. It will lead you to a page with JavaScripts on it. These scripts will immediately take your information. The easiest way to avoid this hacking method is to enable No Script mode on your browser whenever you are clicking a suspicious looking link.

    Section 3: Paypal Scams
    I know more people who have lost items to Paypal scams then any other type of scam. Scammers will offer you real money for an item. They will ask you to give them the item first, and then they will send the money. When they get the item they will take it and never pay you. This is perhaps the easiest to avoid. If you are selling an item for real money always go first, use a SteamRep approved middleman, or sell your items to Tf2Shop. (Steamrep approved website that buys backpacks) Although many people who ask you to go first may legitimately pay you, the only way to be sure you won't be scammed is to follow the methods mentioned above.

    Section 4: Raffle Scams
    There are many people who raffle away items in tf2 as well as other games. They charge a certain amount as an entry fee and promise to use one of many methods to determine the winner. Once they get a good amount of entry fees, they will leave the server and take your item(s). The only way to avoid getting raffle scammed is to not participate in a raffle.

    Section 5: Sharking
    A sharker is someone who looks for new users with rare items. They give a few very common items to the user for their super rare item. Since the player targeted is new he/she does not know what his item is worth and accepts the trade. To avoid this use a reliable price-checking source before trading anything that you are not sure of its value. Backpack.tf should be used for everything except for unusual items.


    I covered every type of scam I could think of and hope I inform players about the many methods scammers will use to take your account/items. If there is something that needs to be added, post below.
  2. DataStorm

    DataStorm Retired Staff

    Messages:
    3,437
    Section 1:
    if its a official steam site, it will open in the steam browser, not in your normal browser (Firefox, Chrome, Interslet Exploder, etc)

    Section 2:
    Do not keep logged in on steam with your browser, only on the third party websites.

    Section 3:
    Only accept raffles done by admins.

    Section 4:
    Tf2shop is NOT "approved" by SteamRep. They had for some time bought a ad-space on SR, but thats about it.

    Section 5:
    Unfortunately, sharks are active on normal servers, and if they read here they would be already informed enough to not be vulnerable... chicken / egg problem.
  3. Nathan Cash

    Nathan Cash New User

    Messages:
    109
    Steam:
    STEAM_0:1:45077164
    Ah sorry bout saying Tf2shop was steamrep approved. They seem to be reliable though.
  4. Mvskoke

    Mvskoke New User

    Messages:
    4
    Steam:
    STEAM_0:0:47516614
    The problem with sharking is that the people who get sharked are kind of new to trading. So they don't know about backpack.tf, and probably don't visit here. I never knew about this site until I got reported. I think that with 20 people on a serer someone will say "That's not a fair deal." when someone uncrates an unusual and gets offered some weps. But honestly the best way to not get sharked is to know what your stuff is worth. And sadly, noobs don't.
  5. {SuN} Chalk

    {SuN} Chalk New User

    Messages:
    4
    Steam:
    STEAM_0:1:55189553
    How long do you think it would take for the Phisher to log in your info and hijack you stuff? I did a stupid thing and clicked on a link on outpost which lead me to a white page with lettering on it. I didn't have time to read since I immediately closed it.
    I'm pretty sure it's a script like what the OP said on Section #2. It's been a day since I clicked on it. Do you think I'm safe?
    I couldn't sleep the whole night because of that.
  6. DataStorm

    DataStorm Retired Staff

    Messages:
    3,437
    change your passwords of mail and steam.

    also, what I've seen lately is that its automated, as soon as you log in on the site, the login name and password are passed thru to the "bot" and a attempt to log into steam is made by it, it. Steam will then send the email to "verify" that you are really trying to log into the new "location" and the bot asks for that verification code..... once it has that, it will automatically trade your most valuable items and log out for the next victime (may change your email/password to prevent you to regain your account).
  7. Gamma032

    Gamma032 New User

    Messages:
    71
    Steam:
    STEAM_0:0:42303924
    Change your password then you should be fine.
  8. (Sh) Skyheatgaming

    (Sh) Skyheatgaming New User

    Messages:
    27
    Steam:
    STEAM_0:0:52746089
    You should add:
    1.youtube videos that say: FREE TF2 ITEM HACK. And ask you to send your account details to a specific account. These are fake designed to steal your items off you.
  9. NinjaNick

    NinjaNick New User

    Messages:
    35
    Steam:
    STEAM_0:1:37308762
    Honestly if someone falls for that trick then they shouldn't be playing TF2 in the first place.
  10. Penguin The Fluffy

    Penguin The Fluffy Articus Birdicus Defenderus Retired Staff

    Messages:
    774
    Steam:
    STEAM_0:0:10455403
    Wrong. They may be young and not know any better. Now I do not condone cheats but you should never under any circumstance claim the victim deserved it.
    Alex From Security likes this.
  11. NinjaNick

    NinjaNick New User

    Messages:
    35
    Steam:
    STEAM_0:1:37308762
    I never said that they deserve to lose the security/access of their Steam account. I meant that if someone fell for that trick, they are most likely young. And I personally believe that anyone under 10 should not be playing this game since it is rated 17+ but that is a whole different issue for another time.
  12. (Sh) Skyheatgaming

    (Sh) Skyheatgaming New User

    Messages:
    27
    Steam:
    STEAM_0:0:52746089
    A friend of mine did it, hes 14. He did just as i warned him not too. Anyway another on of my friendd is CONVINCED they work! He says they come with a price, but work. Im like facepalm.
    NinjaNick likes this.
  13. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,991
    SteamRep Admin:
    STEAM_0:0:89705646
    Could you please shorten your signature, to refer to your SR profile you can point to the ID64 under the avatar etc. We rather have a vertically small signature on this forum.
  14. Frost-Seupoj

    Frost-Seupoj New User

    Messages:
    33
    Steam:
    STEAM_0:0:29854057
  15. (Sh) Skyheatgaming

    (Sh) Skyheatgaming New User

    Messages:
    27
    Steam:
    STEAM_0:0:52746089
    Ok, sorry admin. Done it :D
  16. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,991
    SteamRep Admin:
    STEAM_0:0:89705646
  17. Zombie Jesus

    Zombie Jesus New User

    Messages:
    5
    Steam:
    STEAM_0:0:39732648
    I hate to admit it but I was phished. I am normally super careful but the work done by the hijacker was very professional and I was lax.

    Lets start by how it happened:

    I was trying to sell some unusuals on TF2outpost. I have attached the link.
    http://www.tf2outpost.com/trade/15774634 (my normal account is Zombie Jesus)
    I received what I thought was a fair deal. The only thing was that he asked me to friend him those his steam community profile.
    The alarm bells should have rung at this point but everything looked clean.
    Then I saw that there was no Add Friends prompt so I went back to the original offer and sent a friends message. i had a look at the friends list and saw it had been offline for about 24 hours.
    The community profile said, however, that he was online so I went searching.
    In the searching I came across a latest trades prompt and thought this may show something.
    It then wanted me to log into steam.
    the prompt looked exactly the same as a remote steam login so stupid me entered my details.
    Next thing I know I was booted from steam and could not get back in.
    The hijacker had changed my password and email address.
    Went back to outpost to see that he had been just then banned for phishing. Bit too late for me though.

    So the story is that I have logged in a Support Ticket with Steam. I have had to lock down my account to TF2 Warehouse. I am trying to lock down my outpost but they are as customer friendly as Warehouse.

    So I have all the mod cons and am super security serious with my household computers but I was got.

    My advice on ANY trade site is DO NOT CLICK ON LINKS. It doesn't have to be free games. All it takes is a url that look correct but isn't.

    Time to belatedly find a malicious URL add on for my Firefox browser.